The Code Red project is launched as whistleblowers warn of unprecedented threats to privacy

BY SIMON DAVIES
THE PRIVACY SURGEON

The whistleblower community turned out in force last night in Berlin for the launch of the long-awaited Code Red security accountability project. The Code Red initiative was created by veteran privacy activist Simon Davies in response to mounting concerns that government surveillance and intrusion has escalated – despite the Snowden national security disclosures in 2013. The project will work to accelerate reform of secret institutions and will provide support and strategic advice for whistleblowers in those domains. The Berlin event was attended by numerous high-profile whistleblowers, including former senior NSA officials William Binney and Thomas Drake along with former MI5 intelligence officer Annie Machon. On the previous day, Binney had received the Sam Adams Award for integrity in intelligence.

President Obama Comments on Back-doors in Encryption

BY CODY POPLIN
LAWFARE

“If we get into a situation which the technologies do not allow us at all to track somebody we’re confident is a terrorist . . . and despite knowing that information, despite having a phone number or a social-media address or email address, that we can’t penetrate that, that’s a problem,” President Obama said. However, he continued by noting the difficult and sometimes tenuous balance between security, liberty, and privacy, saying that debate from civil libertarians and privacy groups has been “useful.” The comment, along with several others, came at the end of the briefing, which you can watch in full above.

How the internet’s engineers are fighting mass surveillance

BY DAVID MEYER
GIGAOM

The Internet Engineering Task Force has played down suggestions that the NSA is weakening the security of the internet through its standardization processes, and has insisted that the nature of those processes will result in better online privacy for all. After the Snowden documents dropped in mid-2013, the IETF said it was going to do something about mass surveillance. After all, the internet technology standards body is one of the groups that’s best placed to do so – and a year and a half after the NSA contractor blew the lid on the activities of the NSA and its international partners, it looks like real progress is being made. Here’s a rundown on why the IETF is confident that the NSA can’t derail those efforts — and what exactly it is that the group is doing to enhance online security.

Defensive stance

The IETF doesn’t have members as such, only participants from a huge variety of companies and other organizations that have an interest in the way the internet develops.

Inside the NSA’s War on Internet Security

BY SPIEGEL STAFF
DER SPIEGEL

When Christmas approaches, the spies of the Five Eyes intelligence services can look forward to a break from the arduous daily work of spying. In addition to their usual job — attempting to crack encryption all around the world — they play a game called the “Kryptos Kristmas Kwiz,” which involves solving challenging numerical and alphabetical puzzles. The proud winners of the competition are awarded “Kryptos” mugs. Encryption — the use of mathematics to protect communications from spying — is used for electronic transactions of all types, by governments, firms and private users alike. But a look into the archive of whistleblower Edward Snowden shows that not all encryption technologies live up to what they promise.

New, Free Certificate Authority to Dramatically Increase Encrypted Internet Traffic

EFF.ORG

The Electronic Frontier Foundation (EFF) is helping to launch a new non-profit organization that aims to dramatically increase secure Internet browsing. Let’s Encrypt is scheduled to offer free server certificates beginning in summer 2015. “This project should boost everyday data protection for almost everyone who uses the Internet,” said EFF Technology Projects Director Peter Eckersley. “Right now when you use the Web, many of your communications—your user names, passwords, and browsing histories—are vulnerable to hackers and others. By making it easy, fast, and free for websites to install encryption for their users, we will all be safer online.”

EFF Relaunches Surveillance Self-Defense

BY JILLIAN YORK
EFF

We’re thrilled to announce the relaunch of Surveillance Self-Defense (SSD), our guide to defending yourself and your friends from digital surveillance by using encryption tools and developing appropriate privacy and security practices. The site launches today in English, Arabic, and Spanish, with more languages coming soon. SSD was first launched in 2009, to “educate Americans about the law and technology of communications surveillance…” and to provide information on how to use technology more safely. Not long after, in the midst of the 2009 Iranian uprising, we launched an international version that focused on the concerns of individuals struggling to preserve their right to free expression in authoritarian regimes. In the time since the Snowden revelations, we’ve learned a lot about the threats faced by individuals and organizations all over the world—threats to privacy, security, and free expression.

Apple’s iPhone Encryption Is a Godsend, Even if Cops Hate It

BY KEVIN POULSEN
WIRED

It took the upheaval of the Edward Snowden revelations to make clear to everyone that we need protection from snooping, governmental and otherwise. Snowden illustrated the capabilities of determined spies, and said what security experts have preached for years: Strong encryption of our data is a basic necessity, not a luxury. And now Apple, that quintessential mass-market supplier of technology, seems to have gotten the message. With an eye to market demand, the company has taken a bold step to the side of privacy, making strong crypto the default for the wealth of personal information stored on the iPhone. And the backlash has been as swift and fevered as it is wrongheaded.

The Horror of a ‘Secure Golden Key’

BY CHRIS COYNE
KEYBASE

This week, the Washington Post’s editorial board, in a widely circulated call for “compromise” on encryption, proposed that while our data should be off-limits to hackers and other bad actors, “perhaps Apple and Google could invent a kind of secure golden key” so that the good guys could get to it if necessary. This theoretical “secure golden key” would protect privacy while allowing privileged access in cases of legal or state-security emergency. Kidnappers and terrorists are exposed, and the rest of us are safe. Sounds nice. But this proposal is nonsense, and, given the sensitivity of the issue, highly dangerous.

Signaling Post-Snowden Era, New iPhone Locks Out N.S.A.

BY DAVID E. SANGER AND BRIAN X. CHEN
THE NEW YORK TIMES

Devoted customers of Apple products these days worry about whether the new iPhone 6 will bend in their jean pockets. The National Security Agency and the nation’s law enforcement agencies have a different concern: that the smartphone is the first of a post-Snowden generation of equipment that will disrupt their investigative abilities. The phone encrypts emails, photos and contacts based on a complex mathematical algorithm that uses a code created by, and unique to, the phone’s user — and that Apple says it will not possess. The result, the company is essentially saying, is that if Apple is sent a court order demanding that the contents of an iPhone 6 be provided to intelligence agencies or law enforcement, it will turn over gibberish, along with a note saying that to decode the phone’s emails, contacts and photos, investigators will have to break the code or get the code from the phone’s owner. Breaking the code, according to an Apple technical guide, could take “more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.” (Computer security experts question that figure, because Apple does not fully realize how quickly the N.S.A. supercomputers can crack codes.)
Already the new phone has led to an eruption from the director of the F.B.I., James B. Comey.

Your iPhone Can Finally Make Free, Encrypted Calls

BY ANDY GREENBERG
WIRED

If you’re making a phone call with your iPhone, you used to have two options: Accept the notion that any wiretapper, hacker or spook can listen in on your conversations, or pay for pricey voice encryption software. As of today there’s a third option: The open source software group known as Open Whisper Systems has announced the release of Signal, the first iOS app designed to enable easy, strongly encrypted voice calls for free. “We’re trying to make private communications as available and accessible as any normal phone call,” says Moxie Marlinspike, the hacker security researcher who founded the nonprofit software group. Later this summer, he adds, encrypted text messaging will be integrated into Signal, too, to create what he describes as a “single, unified app for free, easy, open source, private voice and text messaging.”

Signal encrypts calls with a well-tested protocol known as ZRTP and AES 128 encryption, in theory strong enough to withstand all known practical attacks by anyone from script-kiddy hackers to the NSA. But WIRED’s test calls with an early version of the app, after a few false-starts due to bugs that Marlinspike says have now been ironed out, were indistinguishable from any other phone call.